Configure the Splunk Add-on for VMware metrics to collect data from vCenter server systems using the VMware API
The Splunk Add-on for VMware Metrics uses the VMware API to collect data about your virtual environment. It communicates with vCenter Server using network ports and Splunk management ports.
|Scheduler (on the search head)||vCenter server||443||The scheduler uses port 443 to connect to the vCenter Server to verify that the vCenter Server credentials are valid. It also uses this port to discover the number of managed ESXi hosts in the environment.|
|Splunk Add-on for VMware Metrics||Data Collection Node||8089||The Splunk App for VMware Metrics connects to the Data Collection Node (DCN) on the default Splunk management port, TCP 8089.|
|Scheduler||Data Collection Node||8008||When the DCN and Splunk App for VMware have established a connection, the scheduler, which typically runs on the search head, allocates data collection jobs to the DCN on the TCP port 8008. TCP port 8008 is the gateway port. In your environment, if another service uses port 8008, you can configure a different port for communication between the data collection node and the gateway. Data collection nodes do not have to communicate on the same port.
[default] gateway_port = 8008
To change the ports for each data collection node individually, set the port in each stanza.
|Data Collection Node (DCN)||vCenter Server||443||The DCN communicates with vCenter Server API on port 443 to execute the data collection tasks allocated to it.|
|Data Collection Node||Splunk indexer||9997||The Data Collection Node uses port 9997 to forward data it has retrieved from the vCenter Server using the API.|
After the Splunk Add-on for VMware Metrics establishes a connection with a vCenter Server, the DCN uses port 443 to obtain the credentials for vCenter Server. The DCN uses port 443 to determine the kind of data to collect, such as performance, inventory, or task-event data. Splunk Add-on for VMware Metrics sends information to the data collection nodes using port 8008 about the information they need to collect from a specific vCenter Server system. The DCN retrieves the data from vCenter Server and forwards the data to the Splunk indexer on port 9997.
How the inventory data collection is performed in Splunk Add-on for VMware Metrics
The Splunk Add-on for VMware Metrics collects inventory data at default interval defined in Splunk_TA_vmware_inframon\default\inframon_ta_vmware_pool.conf configuration file. Since it is not needed to collect full inventory data at every interval, the add-on is designed to collect full inventory data in collectionVersion 1 and then it will collect only change sets (e.g. changes in VM inventory or host inventory) in incremental collectionVersions. After 4 hours of collectionVersion 1 collection or collectionVersion 20, whichever is reached first, add-on will collect full inventory data again and that cycle would be continued.
Control certificate validation for your data collection nodes
Control certificate validation your data collection nodes with the inframon_ta_vmware_config_ssl.conf file. Use it to enable and disable certificate validation for your DCN. By default, certificate validation is disabled.
- On your scheduler, navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_vmware_inframon/default and copy the inframon_ta_vmware_config_ssl.conf file.
- Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_vmware_inframon and create a local folder.
- Navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_vmware_inframon/local and paste the inframon_ta_vmware_config_ssl.conf file.
- Open the $SPLUNK_HOME/etc/apps/Splunk_TA_vmware_inframon/local/inframon_ta_vmware_config_ssl.conf and set validate_ssl_certificate option to true:
[general] validate_ssl_certificate = true
- Save your changes.
- Restart your Splunk platform instance.
For more information, see About securing inter-Splunk communication in the Securing Splunk Enterprise manual.
Configure Splunk Add-on for VMware Metrics to collect ESXi log data
Add configurations in the Collection Configuration page of the Splunk Add-on for VMware Metrics
This documentation applies to the following versions of Splunk® Supported Add-ons: released